US8281388B1ActiveUtility

Hardware secured portable storage

93
Assignee: SOBEL WILLIAM EPriority: Jun 27, 2008Filed: Jun 27, 2008Granted: Oct 2, 2012
Est. expiryJun 27, 2028(~2 yrs left)· nominal 20-yr term from priority
G06F 21/725G06F 21/78
93
PatentIndex Score
34
Cited by
11
References
19
Claims

Abstract

A portable storage device contains a real time clock, an onboard power source and secure storage. These components enable the device to securely store data and control access thereto. A secret key can be maintained in secure storage, such that access to the device can be denied to external systems that do not have a matching key. A log detailing connections can also be maintained in secure storage, such that device activity can be accurately documented, and made available in a trusted manner to a management system. Furthermore, the onboard real time clock allows stored data to be encrypted and decrypted in conjunction with specified time periods, such that a session key is destroyed after a time out, or is not made available until a given period of time has transpired.

Claims

exact text as granted — not AI-modified
1. A portable storage device configured to securely store and control access to data, the portable storage device comprising:
 a real time clock, configured to track current time; 
 an onboard power source coupled to the real time clock, configured to provide the real time clock with power; 
 control logic, configured to enforce device rules, execute device functionality, and detect connections of the device to an external system, and for each detected connection, to initiate a write of a log record concerning the connection to a portion of a secure storage area, the log record comprising a current time from the real time clock and a determined identification of the external system, wherein the log record can be read from but not written to by an authorized host; 
 a user accessible storage area, configured such that that data can be written to and read from the user accessible storage area, the user accessible storage area being communicatively coupled to the control logic; and 
 a secure storage area, configured to be accessible to elements external to the device only by using a device key, the secure storage area being communicatively coupled to the control logic. 
 
     
     
       2. The device of  claim 1  wherein the onboard power source comprises at least one element from a group of elements consisting of:
 a rechargeable battery; 
 a lithium battery; and 
 a rechargeable supercapacitor. 
 
     
     
       3. The device of  claim 1  wherein the user accessible storage area comprises at least one element from a group of elements consisting of:
 flash memory; and 
 magnetic memory. 
 
     
     
       4. The device of  claim 1  wherein the secure storage area further comprises:
 a portion of the secure storage area configured such that it can be read from but not written to by an authorized host; and 
 a portion of the secure storage area configured such that it can be accessed only by the control logic of the device. 
 
     
     
       5. The device of  claim 4  further comprising:
 at least one shared secret key stored in the portion of the secure storage area configured such that it can be accessed only by the control logic of the device; and 
 wherein the control logic is further configured to detect all connections of the device to any external system, and for each detected connection, only to allow the external system to read from or write to the device responsive to the external system providing a matching key. 
 
     
     
       6. The device of  claim 1  wherein the control logic further comprises:
 an encryption component, configured to use at least one key to encrypt and decrypt stored data. 
 
     
     
       7. The device of  claim 6  wherein:
 the encryption component is further configured to encrypt data with a secure session key and a timeout, such that the session key is destroyed when the timeout expires. 
 
     
     
       8. The device of  claim 6  wherein:
 the encryption component is further configured to encrypt data with a secure session key configured such that the session key is not accessible until after a specific period of time has transpired. 
 
     
     
       9. A method implemented by a portable storage device that comprises a real time clock, an onboard power source and a secure storage area, the method comprising the steps of:
 detecting connections of the device to external systems including a current time of a connection from the real time clock and a determined identification of the connection from the external system; 
 for each detected connection, initiating a write of a log record concerning the detected connection to a portion of the secure storage area configured such that it can be read from but not written to by an authorized host, the log record comprising a current time from the real time clock and a determined identification of the external system. 
 
     
     
       10. The method of  claim 9  further comprising:
 for each detected connection, gleaning information concerning the connection to the external system from the connection to the external system; 
 writing the gleaned information to the record log; and 
 wherein the gleaned information includes at least one type of data from a group of types consisting of: the time at which the device was connected to the external system, a duration of the attachment, an amount of information read from the device, an amount of information written to the device, at least one identifier of at least one object read from the device, at least one identifier of at least one object written to the device, and identifying information concerning the external system. 
 
     
     
       11. The method of  claim 10  wherein gleaning information from the connection to the external system further comprises:
 gleaning information from a hardware interface. 
 
     
     
       12. The method of  claim 10  wherein gleaning information from the connection to the external system further comprises:
 gleaning information from a connectivity agent. 
 
     
     
       13. A method implemented by a portable storage device that comprises a real time clock, an onboard power source and a secure storage area, the method comprising the steps of:
 storing at least one shared secret key stored in a portion of the secure storage area configured such that it can be accessed only by a control logic of the device; 
 detecting connections of the device to external systems; 
 for each detected connection, determining whether the external system provides a matching key, and initiating a write of a log record concerning the detected connection to a portion of the secure storage area configured such that it can be read from but not written to by an authorized host, the log record comprising a current time from the real time clock and a determined identification of the external system; and 
 responsive to results of the determining step, controlling access by the external system to the device. 
 
     
     
       14. The method of  claim 13  further comprising:
 responsive to the external system providing a matching key, allowing the external system to access the device. 
 
     
     
       15. The method of  claim 13  further comprising:
 responsive to the external system not providing a matching key, preventing the external system from accessing the device. 
 
     
     
       16. The method of  claim 13  further comprising:
 encrypting stored data with a session key; 
 storing a timeout; 
 controlling access to the encrypted data in conjunction with the timeout. 
 
     
     
       17. The method of  claim 16  further comprising:
 detecting the expiration of the timeout; and 
 deleting the session key. 
 
     
     
       18. The method of  claim 13  further comprising:
 encrypting stored data with a session key; 
 storing a time period; 
 controlling access to the encrypted data in conjunction with the time period. 
 
     
     
       19. The method of  claim 18  further comprising:
 not making the session key available until after the time period has transpired.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.